Universal password via browser extension Last Pass has announced on its company blog that it might have been the target of a hacking attempt on Tuesday, as it experienced an unidentifiable anomaly in traffic.
From the Last Pass blog:
“In this case, we couldn’t find that root cause. After delving into the anomaly we found a similar but smaller matching traffic anomaly from one of our databases in the opposite direction (more traffic was sent from the database compared to what was received on the server).
Because we can’t account for this anomaly either, we’re going to be paranoid and assume the worst: that the data we stored in the database was somehow accessed. We know roughly the amount of data transfered and that it’s big enough to have transfered people’s email addresses, the server salt and their salted password hashes from the database. We also know that the amount of data taken isn’t remotely enough to have pulled many users encrypted data blobs.”
Still unsure if this is actually an attack or who was responsible, Last Pass, (whose slogan is ironically “the last password you’ll have to remember!”) initially asked users to change their passwords.
Because of traffic overload due to this breach news, it is now asking users to verify their emails and will be rolling out password changes as the traffic dies down: “We’re asking if you’re not being asked to change your password then hold off — we’re protecting everyone.”
Collectively we lose more than 10,300 hours per year retrieving lost passwords, making new ones or talking to call center representatives about them. And it gets much worse if a password is stolen and misused. The LastPass team believes online experience can be easier, faster and safer. We go online to connect with people, explore, shop and learn. We certainly don’t go online to fuss with passwords or risk our privacy, personal or financial information. Designed by web enthusiasts...